Part I Administering Single Interfaces

This part describes procedures to administer single interfaces in your system.

Chapter 1 Network Driver Configuration

This chapter discusses how to customize properties of an Ethernet network driver to fulfill specific performance requirements.

What's New With Configuring Network Interface Card Drivers

In this release, configuration of properties of the NIC driver is performed by using the dladm command. This command allows you to configure the properties dynamically without causing any network disruption on other NICs of similar types. The values that you set are stored into a dladm repository and therefore persist even after you reboot the system or unplumb the interface.

A Driver Configuration Framework (GLDv3) is implemented in this release. If used when you configure drivers, this framework provides the following benefits:

• Only single command interface, dladm, is needed to configure network driver properties.

• A uniform syntax is used regardless of the properties: dladm subcommand properties data-link.

• Use of the dladm command applies to both public and private properties of the driver.

• Using the dladm command on a specific driver does not disrupt other network connections.

Overview of NIC Driver Properties

NIC driver properties that are configurable by using the dladm command fall into one of two categories:

• Public properties that can be applied to any driver of the given media type such as link speed, autonegotiation for Ethernet, or the MTU size that can be applied to all data-link drivers.

• Private properties that are particular to a certain subset of drivers for a given media type. These properties can be specific to that subset because they are closely related either to the hardware that is associated with the driver or to the details of the driver implementation itself, such as debugging-related tunables.

Properties of a NIC driver are typically set with default values. However, certain networking scenarios might require you to change specific property settings of a NIC. These property settings can be either public or private properties. For example, a NIC might be communicating with an old switch that does not properly perform autonegotiation. Or, a switch might have been configured to support Jumbo frames. Or, driver specific properties that regulate packet transmission or packet receiving might need to be modified for the given driver. In this Solaris release, all of these settings can now be reset by a single administrative tool, dladm.

dladm Subcommands to Administer NIC Properties

For NIC drivers that have been converted to the GLDv3 framework, properties are configured by using the dladm command. This command enables you to configure the properties dynamically without causing any network disruption on other NICs of similar types. The values that you set are stored in a dladm repository and persist even after you reboot the system or unplumb the interface. Therefore, use dladm as the preferred command to configure NICs, instead of the ndd command.

To administer NIC drivers, you use the following dladm subcommands:

• dladm show-linkprop displays the properties that are associated with the data link.

• dladm set-linkprop sets values for specified data-link properties.

• dladm reset-linkprop restores property settings to the default values.

• dladm show-ether displays Ethernet parameter settings of a data link.

For more information about these commands, see the dladm(1M) man page.

Customizing NIC properties by using the dladm command is supported only in network drivers that have been converted to the GLDv3 framework, such as bge, nge, e1000g, and nxge.

Work continues to make other drivers become supported in the GLDv3 framework. To confirm whether your specific driver supports this feature, refer to the driver's man page.

The following section provides procedures to set certain NIC driver properties. The selected properties are public and common to all NIC drivers. A separate section describes driver specific properties as well as procedures to configure selected private properties of the e1000g driver.

Administering NIC Driver Properties

The following section provides procedures with examples that show how to configure public and private properties of NIC drivers by using the dladm command.

How to Enable Support for Jumbo Frames

Enabling support for Jumbo frames in a network setup is a common task for most network scenarios. Support for Jumbo frames requires increasing the size of a data link's maximum transmission unit (MTU). The following procedure includes the use of customized names to identify data links. For an overview of customized names and their use in network configuration, see Overview of the Networking Stack.

1. On the system that has the link whose MTU you want to modify, assume the System Administrator role.

   The System Administrator role includes the Network Management profile. To create the role and assign the role to a user, see Chapter 9, Using Role-Based Access Control (Tasks), in System Administration Guide: Security Services.

2. To identify the specific Ethernet device whose MTU size you need to reset, display the links in the system.

   # dladm show-phys

   Perform this step especially if your network configuration uses customized names for data links. With customized names, data links are no longer necessarily identified by their hardware-based names. For example, the Ethernet device is bge0. However, the data link over the device is renamed net0. Therefore, you would need to configure the MTU size of net0. Refer to Data Link and IP Interface Configuration (Tasks) for examples of configuration tasks on data links that use customized names.

3. (Optional) Display the data link's current MTU size and other properties.

   • To display a specific property of a data link, use the following syntax:

     dladm show-linkprop -p property data-link

     This command displays the settings of the property that you specify.

   • To display several selected properties of the data link, use the following syntax:

     # dladm show-link data-link

     This command displays data-link information, including MTU size.

   ---

   Note –

   See Link Administration and Monitoring for additional examples of the use of the dladm show-link syntax to display data-link information.

   ---

4. Unplumb the interface that is configured over the data link.

   # ifconfig interface unplumb

5. Change the value of the link's MTU size to 9000, the value for Jumbo frames.

   # dladm set-linkprop -p mtu=9000 data-link

6. Plumb the IP interface over the link.

   # ifconfig interface plumb IP-address up

   For additional options that you can use with the ifconfig command, see the ifconfig(1M) man page.

7. (Optional) Verify that the interface uses the new MTU size by using one of the command syntaxes in Step 3.

   # dladm show-linkprop -p mtu data-link

8. (Optional) Display the link's current Ethernet settings.

   # dladm show-ether data-link

Example 1–1 Enabling Support for Jumbo Frames

The following example that enables support for Jumbo frames builds on the following scenario:

• The system has two bge NICS: bge0 and bge1.

• The device bge0 is used as a primary interface, while the device bge1 is used for test purposes.

• You want to enable support for Jumbo frames on bge1, while you retain the default MTU size of the primary interface.

• The network configuration uses customized names for data links. The link name of bge0 is net0. The link name of bge1 is web1.

# dladm show-phys
LINK       MEDIA        STATE     SPEED     DUPLEX     DEVICE
net0       ether        up        100Mb     full       bge0
itops1     ether        up        100Mb     full       qfe3
web1       ether        up        100Mb     full       bge1

# dladm show-linkprop -p mtu web1
LINK     PROPERTY     VALUE     DEFAULT     POSSIBLE
web1     mtu          1500      1500        --

# ifconfig web1 unplumb
# dladm set-linkprop -p mtu=9000 web1
# ifconfig web1 plumb 10.10.1.2/24 up

# dladm show-link web1
LINK     CLASS     MTU      STATE     OVER
web1     phys      9000     up        --

Notice that the MTU value is now 9000. In this example, the dladm command enabled you to change web1's MTU size directly. The previous method would have required you to unplumb net0 as well, which would have unnecessarily disrupted the primary interface's operations.

How to Change Link Speed Parameters

Most network setups consist of a combination of systems with varying speed capabilities. For example, the advertised speed between an older system and a newer system might need to be changed to a lower setting to allow communication. By default, all the speed and duplex capabilities of a NIC card are advertised. This procedure shows how to turn off the gigabit capabilities and advertise only the megabit capabilities.

1. On the system that has the NIC whose properties you want to modify, assume the System Administrator role.

   The System Administrator role includes the Network Management profile. To create the role and assign the role to a user, see Chapter 9, Using Role-Based Access Control (Tasks), in System Administration Guide: Security Services.

2. (Optional) Display the current status of the property you want to modify.

   # dladm show-linkprop -p property data-link

3. To advertise lower speed capabilities, turn off the higher speed capabilities to prevent them from being advertised.

   # dladm set-linkprop -p property=value1 data-link

Example 1–2 Disabling Advertisement of a NIC's Gigabit Capabilities

This example shows how you can prevent the link web1 from advertising gigabit capabilities.

# dladm show-linkprop -p adv_1000fdx_cap web1
LINK     PROPERTY             VALUE     DEFAULT     POSSIBLE
web1     adv_1000fdx_cap      1         --          1,0

# dladm show-linkprop -p adv_1000hdx_cap web1
LINK     PROPERTY             VALUE     DEFAULT     POSSIBLE
web1     adv_1000hdx_cap      1         --          1,0

The properties that advertise the link's gigabit capabilities are adv_1000fdx_cap and adv_1000hdx_cap. To disable these properties from being advertised, you would type the following commands:

# dladm set-linkprop -p adv_1000fdx_cap=0 web1
# dladm set-linkprop -p adv_1000hdx_cap=0 web1

Listing the Ethernet parameter settings would display the following output:

# dladm show-ether web1
LINK     PTYPE       STATE    AUTO  SPEED-DUPLEX             PAUSE
web1     current     up       yes   1G-f                     both

How to Obtain Status Information About NIC Properties

You can obtain information about the NIC driver's properties by displaying either the Ethernet parameter settings or the link properties.

1. On the system that has the NIC whose properties you want to modify, assume the System Administrator role.

   The System Administrator role includes the Network Management profile. To create the role and assign the role to a user, see Chapter 9, Using Role-Based Access Control (Tasks), in System Administration Guide: Security Services.

2. To obtain information about the Ethernet parameter settings, use the following command:

   # dladm show-ether [-x] data-link

   where the -x option includes additional parameter information about the link. Without the -x option, only the current parameter settings are displayed.

3. To obtain information about all the properties of the link, use the following command:

   # dladm show-linkprop data-link

Example 1–3 Displaying Ethernet Parameter Settings

This example displays an extended list of parameter information about a specified link.

# dladm show-ether -x web1
LINK     PTYPE       STATE    AUTO  SPEED-DUPLEX             PAUSE
web1     current     up       yes   1G-f                     both
--       capable     --       yes   1G-fh,100M-fh,10M-fh     both
--       adv         --       yes   100M-fh,10M-fh           both
--       peeradv     --       yes   100M-f,10M-f             both

With the -x option, the command also displays the built-in capabilities of the specified link, as well as the capabilities that are currently advertised between the host and the link partner. The following information is displayed:

• For the Ethernet device's current state, the link is up and functioning at 1 gigabits per second at full duplex. Its autonegotiation capability is enabled and has bidirectional flow control, in which both host and link partner can send and receive pause frames.

• Regardless of the current setting, the capabilities of the Ethernet device are listed. The negotiation type can be set to automatic, the device can support speeds of 1 gigabits per second, 100 megabits per second, and 10 megabits per second, at both full and half duplex. Likewise, pause frames can be received or sent in both directions between host and link partner.

• The capabilities of web1 are advertised as follows: autonegotiation, speed-duplex, and flow control of pause frames.

• Similarly, web1's link or peer partner advertises the following capabilities: autonegotiation, speed-duplex, and flow control of pause frames.

Example 1–4 Displaying Link Properties

This example shows how to list all the properties of a link. If you want to display only a specific property, you use the -p option with the specific property that you want to monitor.

# dladm show-linkprop web1
LINK     PROPERTY             VALUE       DEFAULT     POSSIBLE
web1     speed                1000        --          -- 
web1     autopush             --          --          -- 
web1     zone                 --          --          -- 
web1     duplex               half        --          half,full 
web1     state                unknown     up          up,down 
web1     adv_autoneg_cap      1           1           1,0 
web1     mtu                  1500        1500        -- 
web1     flowctrl             no          bi          no,tx,rx,bi 
web1     adv_1000fdx_cap      1           1           1,0 
web1     en_1000fdx_cap       1           1           1,0 
web1     adv_1000hdx_cap      1           1           1,0 
web1     en_1000hdx_cap       1           1           1,0 
web1     adv_100fdx_cap       0           0           1,0 
web1     en_100fdx_cap        0           0           1,0 
web1     adv_100hdx_cap       0           0           1,0 
web1     en_100hdx_cap        0           0           1,0 
web1     adv_10fdx_cap        0           0           1,0 
web1     en_10fdx_cap         0           0           1,0 
web1     adv_10hdx_cap        0           0           1,0 
web1     en_10hdx_cap         0           0           1,0

The settings for the speed and duplex capabilities of the link are manually configured on the enabled-speed properties which are labeled en_*_cap. For example, en_1000fdx_cap is the property for the gigabit full-duplex capability, and en_100hdx_cap is the property for the 100 megabits half-duplex capability. The settings of these enabled speed properties are advertised between the host and its link partner by corresponding advertised speed properties, which are labeled adv_*_cap such as adv_1000fdx_cap and adv_100hdx_cap.

Normally, the settings of a given enabled speed property and the corresponding advertised property are identical. However, if a NIC supports some advanced features such as Power Management, those features might set limits on the bits that are actually advertised between the host and its link partner. For example, with Power Management, the values of the adv_*_cap properties might only be a subset of the values of the en_*_cap properties. For more details about the enabled and advertised speed properties, see the dladm(1M) man page.

How to Set the e1000g Driver to Use Direct Memory Access Binding

This procedure and the next procedure show how to configure private properties. Both procedures apply to properties specific to the e1000g driver. However, the general steps can be used to configure private properties of other NIC drivers as well.

Bulk traffic, such as file transfers, normally involves negotiation of large packets across the network. In such cases, you can obtain better performance from the e1000g driver by configuring it to automatically use DMA binding, where a threshold is defined for packet fragment sizes. If a fragment size surpasses the threshold, then DMA binding is used for transmitting. If a fragment size is within the threshold, then bcopy mode is used, where the fragment data is copied to the preallocated transmit buffer.

To set the threshold, perform the following steps:

1. On the system that has the NIC whose properties you want to modify, assume the System Administrator role.

2. Set the appropriate value for the _tx_bcopy_threshold property.

   # dladm set-linkprop -p _tx_bcopy_threshold=value e1000g-data-link

   For this property, the valid values for the threshold range from 60 through 2048.

   ---

   Note –

   As with configuring public properties, the interface must also be unplumbed before private property settings can be modified.

   ---

3. (Optional) Verify the new threshold value.

   # dladm show-linkprop -p _tx_bcopy_threshold e1000g-data-link

How to Manually Set the Interrupt Rate

Parameters that regulate the rate at which interrupts are delivered by the e1000g driver also affect network and system performance. Typically network packets are delivered to the upper layer of the stack by generating an interrupt for every packet. In turn the interrupt rate, by default, is automatically adjusted by the GLD layer in the kernel. However, this mode might not be desirable in all network traffic conditions. For a discussion of this issue, refer to this document (http://www.stanford.edu/class/cs240/readings/mogul.pdf) that was presented at the USENIX technical conference in 1996. Thus, in certain circumstances, setting the interrupt rate manually becomes necessary to obtain better performance.

To define the interrupt rate, you set the following parameters:

• _intr_throttling_rate determines the delay between interrupt assertions regardless of network traffic conditions.

• _intr_adaptive determines whether automatic tuning of the interrupt throttling rate is enabled. By default, this parameter is enabled.

1. On the system that has the NIC whose driver properties you want to modify, assume the System Administrator role.

   The System Administrator role includes the Network Management profile. To create the role and assign the role to a user, see Chapter 9, Using Role-Based Access Control (Tasks), in System Administration Guide: Security Services.

2. If necessary, identify the device whose driver property you want to modify.

   # dladm show-phys

3. Disable automatic tuning of the interrupt throttling rate.

   # dladm set-linkprop -p _intr_adaptive=0 e1000g-data-link

   ---

   Note –

   When automatic tuning of the interrupt throttling rate is enabled, then any value that is set for the parameter _intr_throttling_rate is ignored.

   ---

4. Unplumb the network interface.

5. Set the value for the minimum inter interrupt level.

   # dladm set-linkprop -p _intr_throttling_rate=value e1000g-data-link

   ---

   Note –

   The default value of the _intr_throttling_rate parameter is 550 on SPARC® based systems and 260 on x86 based systems. Setting the minimum inter-interrupt level to 0 disables the interrupt throttling logic.

   ---

6. Plumb the interface and configure an IP address for the interface.

7. (Optional) Display the threshold's new settings.

Example 1–5 Configuring for DMA Binding and Setting the Interrupt Throttling Rate

This example uses an x86 based system with an e1000g NIC. The driver is configured with a threshold setting toggle between using DMA binding or the bcopy mode for transmitting packets. The setting for the interrupt throttling rate is also modified. Further, the e1000g data link has been renamed with a customized name. Therefore, the configuration is performed on the data link by referring to the customized name, public0.

# dladm show-phys
LINK       MEDIA        STATE     SPEED     DUPLEX     DEVICE
public0    ether        up        100Mb     full       e1000g0

# dladm show-linkprop -p _tx_bcopy_threshold public0
LINK        PROPERTY                VALUE     DEFAULT     POSSIBLE
public0     _tx_bcopy_threshold     512       512         --

# dladm show-linkprop -p _intr-throttling_rate
LINK        PROPERTY                  VALUE     DEFAULT     POSSIBLE
public0     _intr-throttling_rate     260       260         --

# ifconfig public0 unplumb
# dladm set-linkprop -p _tx_bcopy_threshold=1024 public0
# dladm set-linkprop -p _intr_adaptive=0 public0
# dladm set-linkprop -p _intr-throttling_rate=1024 public0
# ifconfig public0 plumb 10.10.1.2/24 up

# dladm show-linkprop -p _tx_bocopy_threshold=1024 public0
LINK        PROPERTY                VALUE     DEFAULT     POSSIBLE
public0     _tx_bcopy_threshold     1024      512         --

# dladm show-linkprop -p _intr_adaptive public0
LINK        PROPERTY           VALUE     DEFAULT     POSSIBLE
public0     _intr-adaptive     0         1           --

# dladm show-linkprop -p _intr-throttling_rate
LINK        PROPERTY                  VALUE     DEFAULT     POSSIBLE
public0     _intr-throttling_rate     1024      260         --

Chapter 2 Configuring an IP Interface

This chapter provides the procedures that are used to configure a single data link and then an IP interface over that link.

About IP Interface Configuration

After you install the Solaris OS, you might perform the following tasks:

• Configure an IP interface over a data link for a basic interface configuration. This chapter describes the procedures.

• Configure links for a virtual local area network (VLAN). The procedures are described in Chapter 5, Administering VLANs.

• Configure links into an aggregation. The procedures are described in Chapter 6, Administering Link Aggregations.

• Configure IP interfaces as members of an IPMP groups. The procedures are described in Chapter 8, Administering IPMP.

You use the appropriate dladm subcommands to administer data links such as assigning customized names to a link. For a description of link names, see Assigning Names to Data Links. If the data link is also intended to be used for IP communication, you then configure IP interfaces over the data link by using the ifconfig command.

Data Link and IP Interface Configuration (Tasks)

This section describes basic configuration procedures on a data link.

SPARC: How to Ensure That the MAC Address of an Interface Is Unique

Some applications require every interface on a host to have a unique MAC addresses. However, every SPARC based system has a system-wide MAC address, which by default is used by all interfaces. Here are two situations where you might want to configure the factory-installed MAC addresses for the interfaces on a SPARC system.

• For link aggregations, you should use the factory-set MAC addresses of the interfaces in the aggregation configuration.

• For IPMP groups, each interface in the group must have a unique MAC address. These interfaces must use their factory-installed MAC addresses.

The EEPROM parameter local-mac-address? determines whether all interfaces on a SPARC system use the system-wide MAC address or their unique MAC address. The next procedure shows how to use the eeprom command to check the current value of local-mac-address? and change it, if necessary.

1. On the system with the interfaces to be configured, assume the Primary Administrator role or become superuser.

   The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.

2. Determine whether all interfaces on the system currently use the system-wide MAC address.

   # eeprom local-mac-address? local-mac-address?=false

   In the example, the response to the eeprom command, local-mac-address?=false, indicates that all interfaces do use the system-wide MAC address. The value of local-mac-address?=false must be changed to local-mac-address?=true before the interfaces can become members of an IPMP group. You should also change local-mac-address?=false to local-mac-address?=true for aggregations.

3. If necessary, change the value of local-mac-address? as follows:

   # eeprom local-mac-address?=true

   When you reboot the system, the interfaces with factory-installed MAC addresses now use these factory settings, rather than the system-wide MAC address. Interfaces without factory-set MAC addresses continue to use the system-wide MAC address.

4. Check the MAC addresses of all the interfaces on the system.

   Look for cases where multiple interfaces have the same MAC address. In this example, all interfaces use the system-wide MAC address 8:0:20:0:0:1.

   ifconfig -a lo0: flags=1000849 <UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1 inet 127.0.0.1 netmask ff000000 hme0: flags=1004843 <UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2 inet 10.0.0.112 netmask ffffff80 broadcast 10.0.0.127 ether 8:0:20:0:0:1 ce0: flags=1004843 <UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2 inet 10.0.0.114 netmask ffffff80 broadcast 10.0.0.127 ether 8:0:20:0:0:1 ce1: flags=1004843 <UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2 inet 10.0.0.118 netmask ffffff80 broadcast 10.0.0.127 ether 8:0:20:0:0:1

   ---

   Note –

   Continue to the next step only if more than one network interface still has the same MAC address. Otherwise, go on to the final step.

   ---

5. If necessary, manually configure the remaining interfaces so that all interfaces have unique MAC address.

   Specify a unique MAC address in the /etc/hostname.interface file for the particular interface.

   In the example in Step 4, you would need to configure ce0 and ce1 with locally administered MAC addresses. For example, to reconfigure ce1 with the locally administered MAC address 06:05:04:03:02, you would add the following line to /etc/hostname.ce1:

   ether 06:05:04:03:02

   ---

   Note –

   To prevent any risk of manually configured MAC addresses conflicting with other MAC addresses on your network, you must always configure locally administered MAC addresses, as defined by the IEEE 802.3 standard.

   ---

   You also can use the ifconfig ether command to configure an interface's MAC address for the current session. However, any changes made directly with ifconfig are not preserved across reboots. Refer to the ifconfig(1M) man page for details.

6. Reboot the system.

How to Configure an IP Interface After System Installation

Link configuration and IP interface configuration are two separate tasks. However, the following procedure combines the two tasks together to illustrate how an IP interface is created that has the same name as the data link. Thus, after plumbing an IP interface, for example, the link name is propagated up to the IP administrative and programmatic interfaces.

1. On the system with the interface to be configured, assume the Primary Administrator role or become superuser.

   The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.

2. Display information about physical attributes of data links currently on the system.

   # dladm show-phys

   For more information about this command, see How to Display Information About Physical Attributes of Data Links.

3. If you intend to rename a data link, then make sure that the link is not opened by any application.

   For example, if the IP interface over the link is plumbed, then unplumb the interface.

   # ifconfig interface unplumb

   where interface refers to the IP interface that is plumbed and using the link.

4. (Optional) Assign a meaningful name to the data link.

   # dladm rename-link old-linkname new-linkname

   old-linkname

   Refers to the current name of the data link. When a NIC is installed for the first time, by default, the NIC's link name is hardware-based, such as bge0.

   new-linkname

   Refers to any name that you want to assign to the data link. For rules for assigning link names, refer to Rules for Valid Link Names.

   ---

   Note –

   Although this step is optional, assigning a customized name to a link is recommended. For more information, see Considerations for Working With Link Names.

   ---

5. Configure the IP interface over the link with a valid IP address..

   # ifconfig interface plumb IP-address up

   where interface refers to the IP interface you are configuring over the link and the IP-address uses the the CIDR notation. The IP interface is identified by the name of the link. Thus, if you renamed the link in the previous step, you use the same name when you configure the IP interface. See the example that follows this procedure for reference.

   This step also brings that IP address up and enables the IP interface.

   For arguments that you can use with the ifconfig command such as broadcast, refer to the ifconfig(1M) man page. See also Monitoring the Interface Configuration With the ifconfig Command for examples of the different usages of the command.

   ---

   Note –

   This step and all subsequent steps that describe the configuration of an IP interface apply to IPv4 interfaces. To configure IPv6 interfaces, refer to Configuring an IPv6 Interface in System Administration Guide: IP Services

   ---

6. (Optional) Display the network data-link information.

   # dladm show-link

   For more information about this command, see How to Display Data Link Information.

7. (Optional) Display information about the newly configured IP interface.

   # ifconfig interface

8. (Optional) To make the interface configuration persist across reboots, perform the following steps:

   1. Create an /etc/hostname.interface file for the IP interface.

   2. Using a text editor, edit the /etc/hostname.interface file by adding the IP address.

      At a minimum, add the IPv4 address of the interface to the file. The address can be in traditional IPv4 notation or CIDR notation. For example, you can also use the following syntax:

      # echo IP-address > /etc/hostname.interface

   3. Add entries for the IP addresses into the /etc/inet/hosts file.

      The entries in this file consist of IP addresses and the corresponding host names.

   4. Reboot the system.

      # reboot

Example 2–1 Configuring the Network Interface

This example uses partial information from Figure P–2 to configure the data link qfe3 on the host campus01. The example also shows a persistent configuration.

# dladm show-phys
LINK     MEDIA        STATE     SPEED     DUPLEX     DEVICE
qfe3     Ethernet     up        100Mb     full       qfe3

# ifconfig qfe3 unplumb
# dladm rename-link qfe3 subitops1
# ifconfig subitops1 plumb 192.168.84.3/24 up
# dladm show-link
LINK          CLASS     MTU     STATE     OVER
subitops1     phys      1500    up        --

# ifconfig subitops1
subitops1: flags=1000843 <UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
        inet 192.168.84.3 netmask ffffff00 broadcast 192.168.84.255
        ether 8:0:20:c8:f4:1d 

# echo 192.168.84.3/24 > /etc/hostname.subitops1

# vi /etc/inet/hosts
# Internet host table
#
127.0.0.1       localhost
10.0.0.14       myhost
192.168.84.3       campus01

# reboot

How to Replace a Network Interface Card With Dynamic Reconfiguration

Aside from servers, most laptops have PCMCIA slots that support dynamic reconfiguration (DR). This procedure shows how DR is now facilitated by the separation of the network link configuration from the network hardware configuration. You no longer need to reconfigure your network links after you complete DR. Instead, you just transfer the link configurations of the removed NIC to be inherited by the replacement NIC.

Before You Begin

Procedures to perform DR vary with the type of system. Make sure that you complete the following first:

• Ensure that your system supports DR.

• Consult the appropriate manual that describes DR on your system.

  To locate current documentation about DR on Sun servers, search for dynamic reconfiguration on http://docs.sun.com

  ---

  Note –

  The following procedure refers only to aspects of DR that are specifically related to the use of flexible names for data links. The procedure does not contain the complete steps to perform DR. You must consult the appropriate DR documentation for your system.

  ---

1. Assume the proper role that allows you to perform DR on the system, such as the Primary Administrator role or superuser.

   The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.

2. (Optional) Display information about physical attributes of data links currently on the system.

   # dladm show-phys

3. Perform the DR procedures as detailed in your system's documentation to remove a NIC and then insert a replacement NIC.

   Consult your system's DR documentation to perform this step.

   After you have installed the replacement NIC, proceed to the next step.

4. Make sure that the replacement NIC is not being referenced by other configurations in the system.

   For example, the replacement NIC you install is ce0. If a file /etc/hostname.ce0 exists in the system, remove that file.

5. Transfer the link configuration of the removed NIC to the replacement NIC.

   # dladm rename-link replacementNIC-linkname removedNIC-linkname

   replacementNIC-linkname

   Refers to the default link name of the replacement NIC upon installation. When you insert a NIC into a system for the first time, the NIC's link name is hardware-based, such as bge0 or ce0.

   removedNIC-linkname

   Refers to the customized link name of the NIC that you removed.

6. Complete the DR process by enabling the new NIC's resources to become available for use by the Solaris release.

   For example, you use the cfgadm command to configure the NIC. For more information see the cfgadm(1M) man page.

7. (Optional) Display link information.

   For example, you can use either dladm show-phys or dladm show-link to show information about the data links.

Example 2–2 Replacing a Network Card

This example shows how a bge card with link name net0 is replaced by a ce card. The link configurations of net0 are transferred from bge to ce after ce is connected to the system.

# dladm show-phys
LINK          MEDIA        STATE     SPEED     DUPLEX     DEVICE
subitops1     Ethernet     up        100Mb     full       qfe3
net0          Ethernet     up        100Mb     full       bge0

You perform the DR-specific steps such as using cfgadm to disconnect bge and then install ce. Then the procedure continues.

# ls /etc/hostname.*
hostname.ce0

# rm /etc/hostname.ce0
# dladm rename-link ce0 net0

# dladm show-phys
LINK        MEDIA        STATE     SPEED     DUPLEX     DEVICE
subitops1   Ethernet     up        100Mb     full       qfe3
net0        Ethernet     up        100Mb     full       ce0

Configuring STREAMS Modules on Data Links

If necessary, you can set up to eight STREAMS modules to be pushed on top of a data link. These modules are typically used by third-party networking software such as virtual private networks (VPNs) and firewalls. Documentation about such networking software is provided by the software vendor.

The list of STREAMS modules to push on a specific data link is controlled by the autopush link property. In turn, the value of the autopush link property is set by using the dladm set-linkprop subcommand.

A separate autopush command can also be used to set the STREAMS autopush modules on a per-driver basis. However, the driver is always bound to the NIC. If the data link's underlying NIC is removed, then the link's autopush property information becomes lost as well.

To configure the STREAMS modules to be pushed on top of a data link, use the dladm set-linkprop command in preference over the autopush command. If both per-driver and per-link types of autoputsh configuration exist for a specific data link, the per-link information that is set with dladm set-linkprop is used and the per-driver information is ignored.

How to Set STREAMS Modules on Data Links

The following procedure describes how to configure STREAMS modules with the dladm set-linkprop command.

1. Assume the System Administrator role.

   The System Administrator role includes the Network Management profile. To create the role and assign the role to a user, see Chapter 9, Using Role-Based Access Control (Tasks), in System Administration Guide: Security Services.

2. Push the modules to the stream when the link is opened.

   # dladm set-linkprop -p autopush=modulelist link

   modulelist

   Specifies the list of modules that you want to be automatically pushed on to the stream. A maximum of eight modules can be pushed over a link. These modules are pushed in the order that they are listed in modulelist. Separate the modules in the list by using dots as delimiters.

   link

   Specifies the link on which the modules are pushed.

Example 2–3 Setting the autopush Link Property

In this example, you push the vpnmod and bufmod modules on top of the link net0. The link's underlying device is bge0.

# dladm set-linkprop -p autopush=vpnmod.bufmod net0

If you later replace the bge card with ce, you can switch to the new data link without needing to reconfigure the autopush settings. You just assign the link name to the new data link, as follows:

# dladm rename-link ce0 net0

How to Obtain autopush Link Property Settings

1. Assume the System Administrator role.

   The System Administrator role includes the Network Management profile. To create the role and assign the role to a user, see Chapter 9, Using Role-Based Access Control (Tasks), in System Administration Guide: Security Services.

2. Display autopush link property settings.

   # dladm show-linkprop -p autopush [link]

   If you do not specify link, then the information for all configured links is displayed.

How to Remove autopush Link Property Settings

1. Assume the System Administrator role.

   The System Administrator role includes the Network Management profile. To create the role and assign the role to a user, see Chapter 9, Using Role-Based Access Control (Tasks), in System Administration Guide: Security Services.

2. Remove the autopush link property settings of a specific data link.

   # dladm reset-linkprop [-t] -p autopush link

   Use the -t option to remove the property settings temporarily. The settings are restored when you reboot the system.

Link Administration and Monitoring

New and revised dladm subcommands are now available to work with link names. This section specifically discusses the subcommands show-phys and show-link. Other commands that display information are discussed in their respective chapters that describe the specific network setups, such as link aggregations and VLAN configurations.

How to Rename a Data Link

Use this procedure if you want to change a data link name, for example, to assign a meaningful name that would easily identify the link's role within your network setup.

Before You Begin

Make sure that you have studied and prepared for other steps you need to perform on associated configurations that might be affected by the change of link names. For more information, see Considerations for Working With Link Names.

1. On the system on which you want to rename a data link, assume the System Administrator role.

   The System Administrator role includes the Network Management profile. To create the role and assign the role to a user, see Chapter 9, Using Role-Based Access Control (Tasks), in System Administration Guide: Security Services.

2. Unplumb the IP interface.

   # ifconfig interface unplumb

3. Change the link's current link name.

   # dladm rename-link old-linkname new-linkname

   old-linkname

   Refers to the current name of the data link. By default, the link name is hardware-based, such as bge0.

   new-linkname

   Refers to any name that you want to assign to the data link. For rules for assigning link names, refer to Rules for Valid Link Names. See also Considerations for Working With Link Names for further information about renaming data links.

   If you do not want the new link name to persist across a system reboot, then use the -t option immediately after the subcommand. The option renames a link temporarily. The original link name reverts when the system is rebooted.

   ---

   Note –

   You can use dladm rename-link to transfer link configurations from one data link to another. For an example, see How to Replace a Network Interface Card With Dynamic Reconfiguration. When you rename a link for this purpose, make sure that the link that is inheriting the configuration does not have any prior existing configurations. Otherwise, the transfer fails.

   ---

Example 2–4 Changing a Link Name

The following example shows how a link name is changed from a hardware-based name to a customized name.

# dladm rename-link bge0 net0

How to Display Information About Physical Attributes of Data Links

This procedure lists the steps to display information about the physical attributes of a system's data links.

1. On the system, assume the System Administrator role.

   The System Administrator role includes the Network Management profile. To create the role and assign the role to a user, see Chapter 9, Using Role-Based Access Control (Tasks), in System Administration Guide: Security Services.

2. Display information about physical attributes of data links currently on the system.

   # dladm show-phys -P

   You can use the -P with this command to also display data links that are flagged as unavailable. A data link becomes unavailable if its associated hardware has been removed. Without the -P option, the command displays only available data links.

   To view the /devices path of the data links, use the -v option.

Example 2–5 Displaying Available Data Links

In the following example, the -P option includes the FLAGS column where unavailable links are indicated. The r flag for the data link net0 indicates the hardware that is associated with the link (eri) has been removed.

# dladm show-phys -P
LINK        MEDIA          STATE     SPEED     DUPLEX     DEVICE   FLAGS
subitops1   Ethernet       up        100Mb     full       qfe3     -----
ibd0        Infiniband     down      0Mb       --         ibd0     -----
subitops0   Ethernet       up        100Mb     full       ce0      -----
net0        Ethernet       --        0Mb       --         eri0     r----

The following example shows the output that is generated when you use the -v option.

# dladm show-phys -v
LINK     PATH
net2     /pci@1f,700000/network@2
ibd3     /pci@1d,700000/network@2
bge3     /pci@1f,700000/network@2,1

How to Display Data Link Information

This procedure displays the status of available links.

1. Assume the System Administrator role.

   The System Administrator role includes the Network Management profile. To create the role and assign the role to a user, see Chapter 9, Using Role-Based Access Control (Tasks), in System Administration Guide: Security Services.

2. Display link information.

   # dladm show-link

Example 2–6 Displaying Available Links

The following example shows persistent and available links on the system.

# dladm show-link -P
LINK        CLASS     OVER
subitops1   phys      --
ibd0        phys      --
eri0        phys      --

The -P option also displays any existing persistent but unavailable links. A persistent link becomes unavailable if the link is temporarily deleted. A link also becomes unavailable if the associated hardware has been removed.

How to Delete a Data Link

This procedure deletes link configurations that are associated with NICs. If you detach a NIC without intending to replace it, then you can delete the link configuration that is associated with that NIC. After you complete this procedure, the link name can be reused.

1. On the system with the interfaces to be configured, assume the System Administrator role.

   The System Administrator role includes the Network Management profile. To create the role and assign the role to a user, see Chapter 9, Using Role-Based Access Control (Tasks), in System Administration Guide: Security Services.

2. Display the data links on the system including those links whose hardware have been removed.

   To include information about removed hardware, use the -P option.

   # dladm show-phys -P

3. Remove the link configuration of the removed hardware that you do not intend to replace.

   # dladm delete-phys link

Example 2–7 Deleting a Data Link

In the following example, the r flag for net0 indicates that the link's associated hardware (ce) has been removed. Therefore, you can also remove the link net0 and then reassign the name to a new data link.

# dladm show-phys -P
LINK        DEVUCE     MEDIA        FLAGS
mylink0     qfe0       Ethernet     -----
eri0        eri0       Ethernet     -----
net0        ce0        Ethernet     r----

# dladm delete-phys net0

Chapter 3 Configuring Wireless Interface Communications on the Solaris OS

This chapter explains how to configure and use wireless interface communications on a laptop that runs the Solaris OS. The following topics are covered:

• Communicating over WiFi Interfaces

• Finding a WiFi Network

• Connecting and Using WiFi on Solaris OS Systems

• Secure WiFi Communications

WiFi Communications Task Map

Communicating Over WiFi Interfaces

The IEEE 802.11 specifications define wireless communications for local area networks. These specifications and the networks they describe are referred to collectively as WiFi, a term that is trademarked by the Wi-Fi Alliance trade group. WiFi networks are reasonably easy to configure by both providers and prospective clients. Therefore, they are increasingly popular and in common use throughout the world. WiFi networks use the same radio wave technology as cellular phones, televisions, and radios.

The Solaris OS contains features that enable you to configure a system as a WiFi client. This section explains how to use the WiFi connectivity options of the dladm command to connect a laptop or home computer to a local WiFi network.

The Solaris OS does not contain features for configuring WiFi servers or access points.

Finding a WiFi Network

WiFi networks typically come in three varieties:

• Commercially available WiFi networks

• Municipal WiFi networks

• Private WiFi networks

A location that is served by WiFi is referred to as a hot spot. Each hot spot includes an access point. The access point is a router with a “wired” connection to the Internet, for example, Ethernet or DSL. The Internet connection is usually through a wireless Internet service provider (WISP) or traditional ISP.

Commercial WiFi Networks

Many hotels and cafes offer wireless Internet connections as a service to their customers with laptop computers. These commercial hot spots have access points within their facilities. The access points are routers with wired connections to a WISP that serves commercial locations. Typical WISPs include independent providers and cellular phone companies.

You can use a laptop that runs the Solaris OS to connect to a WiFi network that is offered by a hotel or other commercial hot spot. Ask for instructions at the hot spot for connecting to the WiFi network. Typically, the connection process involves supplying a key to a browser that you launch upon login. You might have to pay a fee to the hotel or WISP in order to use the network.

Commercial locations that are Internet hot spots usually advertise this capability to their patrons. You can also find lists of wireless hot spots from various web sites, for example, Wi-FiHotSpotList.com.

Municipal WiFi Networks

Cities throughout the world have constructed free municipal WiFi networks, which their citizens can access from systems in their homes. Municipal WiFi uses radio transmitters on telephone poles or other outdoor locations to form a “mesh” over the area that the network serves. These transmitters are the access points to the municipal WiFi network. If your area is served by a municipal WiFi network, your home might be included in the network's mesh.

Access to municipal WiFi is usually free. You can access the municipal network from a properly equipped laptop or personal computer that runs the Solaris OS. You do not need a home router to access the municipal network from your system. However, configuring a home router is recommended for areas where the signal from the municipal network is weak. Home routers are also recommended if you require secure connections over the WiFi network. For more information, see Secure WiFi Communications.

Private WiFi Networks

Because WiFi networks are relatively easy to configure, companies and universities use private WiFi networks with access limited to employees or students. Private WiFi networks typically require you to supply a key when you connect or run a secure VPN after you connect. You need a properly equipped laptop or PC that runs the Solaris OS and permission to use the security features in order to connect to the private network.

Planning for WiFi Communications

Before you can connect your system to a WiFi network, complete the following instructions.

How to Prepare a System for WiFi Communications

Before You Begin

The following preparations assumes that your system is a laptop or personal computer that runs the Solaris Express, Developer Edition 2/07 or later release.

1. Equip your system with a supported WiFi interface.

   Your system must have a WiFi card that is supported by Solaris. For the Solaris Express, Developer Edition 2/07 and later releases, you can use WiFi cards that support most Atheros chip sets. For a list of currently supported drivers and chip sets, refer to Wireless Networking for OpenSolaris.

   If the interface is not already present on the system, follow the manufacturer's instructions for installing the interface card. You configure the interface software during the procedure How to Connect to a WiFi Network.

2. Locate your system in a place that is served by a WiFi network, either commercial, municipal, or private.

   Your system must be near the access point for the network, which is normally not a consideration for a commercial or private network hot spot. However, if you plan to use a free municipal network, your location must be near the transmitter access point.

3. (Optional) Set up a wireless router to serve as an additional access point.

   Set up your own router if no WiFi network is available at your location. For example, if you have a DSL line, connect the wireless router to the DSL router. Then the wireless router becomes the access point for your wireless devices.

Connecting and Using WiFi on Solaris OS Systems

This section contains tasks for establishing and monitoring WiFi connections for a laptop or desktop computer that runs the Solaris OS.

How to Connect to a WiFi Network

Before You Begin

The following procedure assumes that you have followed the instructions in How to Prepare a System for WiFi Communications.

1. Assume the Primary Administrator role, or become superuser.

   The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.

2. Check for available links.

   # dladm show-link LINK CLASS MTU STATE OVER ath0 phys 1500 up -- e1000g0 phys 1500 up --

   In this example, the output indicates that two links are available. The ath0 link supports WiFi communications beginning with the Solaris Express, Developer Edition 2/07release. The e1000g link is for attaching the system to a wired network.

3. Configure the WiFi interface.

   Use the following steps to configure the interface:

   • Plumb the link that supports WiFi:

     # ifconfig ath0 plumb

   • Verify that the link has been plumbed:

     # ifconfig -a lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1 inet 127.0.0.1 netmask ff000000 e1000g: flags=2001004802<BROADCAST,RUNNING,MULTICAST,DHCP,IPv4,CoS> mtu 1500 index 2 inet 0.0.0.0 netmask 0 ether 0:e:6:4:8:1 ath0: flags=201000803<UP,BROADCAST,RUNNING,MULTICAST,IPv4,CoS> mtu 1500 index 3 inet 0.0.0.0 netmask ff000000 ether 0:b:6:e:f:18

4. Check for available networks.

   # dladm scan-wifi LINK ESSID BSSID/IBSSID SEC STRENGTH MODE SPEED ath0 net1 00:0e:38:49:01:d0 none good g 54Mb ath0 net2 00:0e:38:49:02:f0 none very weak g 54Mb ath0 net3 00:0d:ed:a5:47:e0 none very good g 54Mb

   The example output of the scan-wifi command displays information about the available WiFi networks at the current location. The information in the output includes:

   LINK

   Link name to be used in the WiFi connection.

   ESSID

   Extended Service Set ID. The ESSID is the name of the WiFi network, such as net1, net2, and net3 in the example output.

   BSSID/IBSSID

   Basic Service Set ID, the unique identifier for a particular ESSID. The BSSID is the 48-bit MAC address of the nearby access point that serves the network with a particular ESSID.

   SEC

   Type of security that is needed to access the network. The values are none or WEP. For information about WEP, refer to Secure WiFi Communications.

   STRENGTH

   Strength of the radio signals from the WiFi networks that are available at your location.

   MODE

   Version of the 802 .11 protocol that is run by the network. The modes are a, b, or g, or these modes in combination.

   SPEED

   Speed in megabits per second of the particular network.

5. Connect to a WiFi network.

   Do either of the following:

   • Connect to the unsecured WiFi network with the strongest signal.

     # dladm connect-wifi

   • Connect to an unsecured network by specifying its ESSID.

     # dladm connect-wifi -e ESSID

     The connect-wifi subcommand of dladm has several more options for connecting to a WiFi network. For complete details, refer to the dladm(1M) man page.

6. Configure an IP address for the interface.

   Do either of the following:

   • Obtain an IP address from a DHCP server.

     # ifconfig interface dhcp start

     If the WiFi network does not support DHCP, you receive the following message:

     ifconfig: interface: interface does not exist or cannot be managed using DHCP

   • Configure a static IP address:

     Use this option if you have a dedicated IP address for the system.

     # ifconfig interface IP-address/CIDR-mask | netmask

7. Check the status of the WiFi network to which the system is connected.

   # dladm show-wifi LINK STATUS ESSID SEC STRENGTH MODE SPEED ath0 connected net3 none very good g 36Mb

   In this example, the output indicates that the system is now connected to the net3 network. The earlier scan-wifi output indicated that net3 had the strongest signal among the available networks. The dladm show-wifi command automatically chooses the WiFi network with strongest signal, unless you directly specify a different network.

8. Access the Internet through the WiFi network.

   Do either of the following, depending on the network to which the system is connected:

   • If the access point offers free service, you can now run a browser or an application of your choice.

   • If the access point is in a commercial hot spot that requires a fee, follow the instructions provided at the current location. Typically, you run a browser, supply a key, and give credit card information to the network provider.

9. Conclude the session.

   Do one of the following:

   • Terminate the WiFi session but leave the system running.

     # dladm disconnect-wifi

   • Terminate a particular WiFi session when more than one session is currently running.

     # dladm disconnect-wifi link

     where link represents the interface that was used for the session.

   • Cleanly shut down the system while the WiFi session is running.

     # shutdown -g0 -i5

     You do not need to explicitly disconnect the WiFi session prior to turning off the system through the shutdown command.

Example 3–1 Connecting to a Specific WiFi Network

The following example shows a typical scenario that you might encounter when using a laptop that runs the Solaris Express, Developer Edition 2/07 or later Developer releases in an Internet coffee house.

Learn whether a WiFi link is available.

# dladm show-wifi
ath0             type: non-vlan    mtu: 1500         device: ath0

The ath0 link is installed on the laptop. Configure the ath0 interface, and verify that it is up.

# ifconfig ath0 plumb
# ifconfig -a
lo0: flags=2001000849<LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
ath0: flags=201000803<BROADCAST,RUNNING,MULTICAST,IPv4,CoS> mtu 1500 index 3
        inet 0.0.0.0 netmask ff000000
        ether 0:b:6b:4e:8f:18

Display the available WiFi links at your location.

# dladm scan-wifi
 LINK       ESSID         BSSID/IBSSID       SEC     STRENGTH   MODE   SPEED
 ath0       net1         00:0e:38:49:01:d0  none     weak       g      54Mb
 ath0       net2         00:0e:38:49:02:f0  none     very weak  g      54Mb
 ath0       net3         00:0d:ed:a5:47:e0  wep      very good  g      54Mb
 ath0       citinet      00:40:96:2a:56:b5  none     good       b      11Mb

The output indicates that net3 has the best signal. net3 requires a key, for which the provider for the coffee house charges a fee. citinet is a free network provided by the local town.

Connect to the citinet network.

# dladm connect-wifi -e citinet

The -e option of connect-wifi takes the ESSID of the preferred WiFi network as its argument. The argument in this command is citinet, the ESSID of the free local network. The dladm connect-wifi command offers several options for connecting to the WiFi network. For more information, refer to the dladm(1M) man page.

Configure an IP address for the WiFi interface.

# ifconfig ath0 10.192.16.3/24 up
# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL>
 mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
e1000g0: flags=201004843<UP,,BROADCAST,RUNNING,MULTICAST,DHCP,IPv4,CoS>
 mtu 1500 index 3
        inet 129.146.69.34 netmask fffffe00 broadcast 129.146.69.255
        ether 0:e:7b:b5:64:a4
ath0: flags=201004843<UP,BROADCAST,RUNNING,MULTICAST,DHCP,IPv4,CoS>
 mtu 1500 index 4
        inet 10.192.16.3 netmask ffffff00 broadcast 10.255.255.255
        ether 0:b:6b:4e:8f:18

This example assumes that you have the static IP address 10.192.16.3/24 configured on your laptop.

# dladm show-wifi
LINK       STATUS        ESSID         SEC     STRENGTH   MODE   SPEED
ath0       connected     citinet       none    good       g      11Mb

The output indicates that the laptop is now connected to network citinet.

# firefox

The home page for the Firefox browser displays.

Run a browser or other application to commence your work over the WiFi network.

# dladm disconnect-wifi
# dladm show-wifi
LINK       STATUS        ESSID         SEC     STRENGTH   MODE   SPEED
ath0       disconnected   --            --       --       --       --

The output of show-wifi verifies that you have disconnected the ath0 link from the WiFi network.

How to Monitor the WiFi Link

This procedure shows how to monitor the status of a WiFi link through standard networking tools, and change link properties through the linkprop subcommand.

1. Assume the Primary Administrator role, or become superuser.

   The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.

2. Connect to the WiFi network, as described in How to Connect to a WiFi Network.

3. View the properties of the link.

   Use the following syntax:

   # dladm show-linkprop interface

   For example, you would use the following syntax to show the status of the connection established over the ath0 link:

   # dladm show-linkprop ath0 PROPERTY VALUE DEFAULT POSSIBLE channel 5 -- -- powermode off off off,fast,max radio ? on on,off speed 36 -- 1,2,5.5,6,9,11,12,18,24,36,48,54

4. Set a fixed speed for the link.

   ---

   Caution –

   The Solaris OS automatically chooses the optimal speed for the WiFi connection. Modifying the initial speed of the link might cause reduced performance or prevent the establishment of certain WiFi connections.

   ---

   You can modify the link speed to one of the possible values for speed that is listed in the show-linkprop output.

   # dladm set-linkprop -p speed=value link

5. Check the packet flow over the link.

   # netstat -I ath0 -i 5 input ath0 output input (Total) output packets errs packets errs colls packets errs packets errs colls 317 0 106 0 0 2905 0 571 0 0 14 0 0 0 0 20 0 0 0 0 7 0 0 0 0 16 0 1 0 0 5 0 0 0 0 9 0 0 0 0 304 0 10 0 0 631 0 316 0 0 338 0 9 0 0 722 0 381 0 0 294 0 7 0 0 670 0 371 0 0 306 0 5 0 0 649 0 338 0 0 289 0 5 0 0 597 0 301 0 0

Example 3–2 Set the Speed of a Link

This example shows how to set the speed of a link after you have connected to a WiFi network

# dladm show-linkprop -p speed ath0
PROPERTY        VALUE           DEFAULT         POSSIBLE
speed           24               --              1,2,5,6,9,11,12,18,24,36,48,54
# dladm set-linkprop -p speed=36 ath0

# dladm show-linkprop -p speed ath0
PROPERTY        VALUE           DEFAULT         POSSIBLE
speed           36               --              1,2,5,6,9,11,12,18,24,36,48,54

Secure WiFi Communications

Radio wave technology makes WiFi networks readily available and often freely accessible to users in many locations. As a result, connecting to a WiFi network can be an insecure undertaking. However, certain types of WiFi connections are more secure:

• Connecting to a private, restricted-access WiFi network

  Private networks, such as internal networks established by corporations or universities, restrict access to their networks to users who can provide the correct security challenge. Potential users must supply a key during the connection sequence or log in to the network through a secure VPN.

• Encrypting your connection to the WiFi network

  You can encrypt communications between your system and a WiFi network by using a secure key. Your access point to the WiFi network must be a router in your home or office with a secure key-generating feature. Your system and the router establish and then share the key before creating the secure connection.

The dladm command can use a Wired Equivalent Privacy (WEP) key for encrypting connections through the access point. The WEP protocol is defined in IEEE 802.11 specifications for wireless connections. For complete details on the WEP-related options of the dladm command, refer to the dladm(1M) man page.

How to Set Up an Encrypted WiFi Network Connection

The next procedure shows how to set up secure communications between a system and a router in the home. Many wireless and wired routers for the home have an encryption feature that can generate a secure key. This procedure assumes that you use such a router and have its documentation available. The procedure also assumes that your system is already plugged into the router.

1. Start the software for configuring the home router.

   Refer to the manufacturer's documentation for instructions. Router manufacturers typically offer an internal web site or a graphical user interface for router configuration.

2. Generate the value for the WEP key.

   Follow the manufacturer's instructions for creating a secure key for the router. The router configuration GUI might ask you to supply a passphrase of your choice for the key. The software then uses the passphrase to generate a hexadecimal string, typically 5 bytes or 13 bytes in length. This string becomes the value to be used for the WEP key.

3. Apply and save the key configuration.

   Refer to the manufacturer's documentation for instructions.

4. Assume the Primary Administrator role, or become superuser.

   The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.

5. Create a secure object that contains the WEP key.

   Open a terminal window on the system and type the following:

   # dladm create-secobj -c wep keyname

   where keyname represents the name you want to give to the key.

6. Supply the value for the WEP key to the secure object.

   The create-secobj subcommand then runs a script that requests the value for the key.

   provide value for keyname: 5 or 13 byte key confirm value for keyname: retype key

   This value is the key that was generated by the router. The script accepts either a five byte or thirteen byte string, in ASCII or in hexadecimal for the key value.

7. View the contents of the key that you just created.

   # dladm show-secobj OBJECT CLASS keyname wep

   where keyname is the name for the secure object.

8. Make an encrypted connection to the WiFi network.

   # dladm connect-wifi -e network -k keyname interface

9. Verify that the connection is secure.

   # dladm show-wifi LINK STATUS ESSID SEC STRENGTH MODE SPEED ath0 connected net1 wep good g 11Mb

   The wep value under the SEC heading indicates that WEP encryption is in place for the connection.

Example 3–3 Setting Up Encrypted WiFi Communications

This example assumes that you have already done the following:

• Connected your system to a home router that can create a WEP key

• Followed the router manufacturer's documentation and created the WEP key

• Saved the key so that you can use it to create the secure object on your system

# dladm create-secobj -c wep mykey
provide value for mykey: *****
confirm value for mkey: *****

When you supply the WEP key generated that is by the router, asterisks mask the value that you type.

# dladm show-secobj
OBJECT               CLASS
 mykey               wep
# dladm connect-wifi -e citinet -k mykey ath0

This command establishes an encrypted connection to the WiFi network citinet, using the secure object mykey.

# dladm show-wifi
LINK       STATUS        ESSID         SEC     STRENGTH   MODE   SPEED
ath0       connected     citinet       wep     good       g      36Mb

This output verifies that you are connected to citinet through WEP encryption.

Chapter 4 Troubleshooting Common Problems with Interfaces and Links

This chapter discusses different commands to monitor the status of data links and IP interfaces in your systems.

Monitoring the Interface Configuration With the ifconfig Command

You use the ifconfig command to manually assign IP addresses to interfaces and to manually configure interface parameters. In addition, the Solaris startup scripts run ifconfig to configure pseudo interfaces, such as 6to4 tunnel endpoints.

This book contains many tasks that use the various options of the versatile ifconfig command. For a complete description of this command, its options, and its variables, refer to the ifconfig(1M) man page. The basic syntax of ifconfig follows:

ifconfig interface [protocol-family]

How to Get Information About a Specific Interface

Use the ifconfig command to determine basic information about the interfaces of a particular system. For example, a simple ifconfig query can tell you the following:

• Device names of all interfaces on a system

• All IPv4 and, if applicable, all IPv6 addresses that are assigned to the interfaces

• Whether these interfaces are currently configured

The following procedure shows how to use the ifconfig command to obtain basic configuration information about a system's interfaces.

1. On the local host, assume the Primary Administrator role, or become superuser.

   The Primary Administrator role includes the Primary Administrator profile. To create the role and assign the role to a user, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.

2. Obtain information about a particular interface.

   # ifconfig interface

   The output from the ifconfig command has the following format:

   • Status line

     The first line in the ifconfig command output includes the interface name and status flags currently associated with the interface. Also, the status line includes the maximum transmission unit (MTU) that is configured for the particular interface and an index number. Use the status line to determine the current state of the interface.

   • IP address information line

     The second line of the ifconfig output includes the IPv4 address or IPv6 address that is configured for the interface. For an IPv4 address, the configured netmask and broadcast address are also displayed.

   • MAC address line

     When you run the ifconfig command as superuser or with a similar role, the ifconfig output contains a third line. For an IPv4 address, the third line shows the MAC address (Ethernet layer address) that is assigned to the interface. For an IPv6 address, the third line in the output shows the link-local address that the IPv6 in.ndpd daemon generates from the MAC address.

Example 4–1 Basic Interface Information From the ifconfig Command

The following example shows how to obtain information about the eri interface on a particular host by using the ifconfig command.

# ifconfig eri
eri0: flags=863<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 1
      inet 10.0.0.112 netmask ffffff80 broadcast 10.8.48.127
      ether 8:0:20:b9:4c:54 
	

The next table describes the variable information in an ifconfig query. The preceding output is used as an example.

How to Display Interface Address Assignments

Routers and multihomed hosts have more than one interface and, often, more than one IP address assigned to each interface. You can use the ifconfig command to display all addresses that are assigned to the interfaces of a system. You can also use the ifconfig command to display only IPv4 or IPv6 address assignments. To additionally display the MAC addresses of the interfaces, you must first log in as superuser or assume the appropriate role.

For more information on the ifconfig command, see the ifconfig(1M) man page.

1. On the local system, assume the Network Management role or become superuser.

   Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

2. Obtain information about all interfaces.

   You can use variations of the ifconfig -a command to do the following:

   • View all addresses of all interfaces on the system.

     # ifconfig -a

   • View all IPv4 addresses that are assigned to a system's interfaces.

     # ifconfig -a4

   • If the local system is IPv6-enabled, display all IPv6 addresses that are assigned to a system's interfaces.

     ifconfig -a6

Example 4–2 Displaying Addressing Information for All Interfaces

This example shows entries for a host with solely a primary network interface, qfe0. Nevertheless, the ifconfig output shows that three forms of addresses are currently assigned to qfe0: loopback (lo0), IPv4 (inet), and IPv6 (inet6). In the IPv6 section of the output, note that the line for interface qfe0 displays the link-local IPv6 address. The second address for qfe0 is displayed on the qfe0:1 line.

% ifconfig -a
lo0: flags=1000849 <UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000 
qfe0: flags=1004843 <UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2 
        inet 10.0.0.112 netmask ffffff80 broadcast 10.0.0.127
        ether 8:0:20:b9:4c:54 
lo0: flags=2000849 <UP,RUNNING,MULTICAST,IPv6> mtu 8252 index 1
        inet6 ::1/128 
qfe0: flags=2000841 <UP,RUNNING,MULTICAST,IPv6> mtu 1500 index 2
        ether 8:0:20:b9:4c:54 
        inet6 fe80::a00:20ff:feb9:4c54/10 
qfe0:1: flags=2080841 <UP,RUNNING,MULTICAST,ADDRCONF,IPv6> mtu 1500 index 2
        inet6 2001:db8:3c4d:48:a00:20ff:feb9:4c54/64 

Example 4–3 Displaying Addressing Information for All IPv4 Interfaces

This example shows the IPv4 address that is configured for a multihomed host. You do not need to be logged in as superuser to run this form of the ifconfig command.

% ifconfig -a4
lo0: flags=1000849 <UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
qfe0: flags=1004843 <UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 10.0.0.112 netmask ffffff80 broadcast 10.0.0.127
        ether 8:0:20:b9:4c:54 
qfe1: flags=1004843 <UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 10.0.0.118 netmask ffffff80 broadcast 10.0.0.127
        ether 8:0:20:6f:5e:17

Example 4–4 Displaying Addressing Information for All IPv6 Interfaces

This example shows only the IPv6 addresses that are configured for a particular host. You do not need to be logged in as superuser to run this form of the ifconfig command.

% ifconfig -a6
lo0: flags=2000849 <UP,LOOPBACK,RUNNING,MULTICAST,IPv6> mtu 8252 index 1
        inet6 ::1/128 
qfe0: flags=2000841 <UP,RUNNING,MULTICAST,IPv6> mtu 1500 index 2
        ether 8:0:20:b9:4c:54 
        inet6 fe80::a00:20ff:feb9:4c54/10
qfe0:1: flags=2080841 <UP,RUNNING,MULTICAST,ADDRCONF,IPv6> mtu 1500 index 2
        inet6 2001:db8:3c4d:48:a00:20ff:feb9:4c54/64 

This output from ifconfig shows the following three types of IPv6 address forms that are assigned to the single interface of a host:

lo0

IPv6 loopback address.

inet6 fe80::a00:20ff:feb9:4c54/10

Link-local address that is assigned to the primary network interface.

inet6 2001:db8:3c4d:48:a00:20ff:feb9:4c54/64

IPv6 address, including subnet prefix. The term ADDRCONF in the output indicates that this address was autoconfigured by the host.

Monitoring IPMP Interfaces

In this Solaris release, IP multipathing (IPMP) groups are represented as IPMP interfaces. The IPMP interface is treated just like any other IP interface on the IP layer. Thus, the ifconfig command can still be used to provide information about the IPMP group.

However, a new command, ipmpstat, that is more IPMP-specific has been introduced in this release. This command combined with different options can provide information about the IPMP group, the group's underlying interfaces, data addresses, test addresses, and the state of group as a whole. Thus, to obtain information about IPMP groups, use the ipmpstat command instead of ifconfig.

Specific ways of using the ipmpstat command are provided in Monitoring IPMP Information.

Monitoring Link Configurations

The dladm subcommand command is the administrative tool to use to configure data links on the link layer of the networking stack. You also use dladm to monitor links and obtain information such as the link states, associated physical devices, and other information specific to the type of link configuration. For more information about monitoring links, see Link Administration and Monitoring. You can also refer to the specific chapters that discuss types of link configurations, such as Performing Other Administrative Tasks on VLANs and Chapter 6, Administering Link Aggregations.